QuoIntelligence’s Weekly Intelligence Snapshot for the week of 27 May – 3 June 2020 is now available!

Find the summary below and subscribe to our mailing list at the bottom if you want to receive Weekly summaries and other regular updates from us! Or inquire today to receive a free trial of our full Weekly Intelligence Product, which includes analyst comments, MITRE ATT&CK tags, IOCs, and more!


Current Threat

Industries impacted: ANY 

Researchers at Cybereason detailed a new variant of the Valak malware, discovered in April 2020 and observed in attack campaigns targeting Microsoft Exchange servers of enterprises in Germany and US. According to the researchers, the Valak malware evolved from a malware loader for other malwares such as Ursnif and IcedID to become a multi-stage modular malware.


  • Cisco Confirms Attackers Exploited Vulnerabilities in SaltStack to Compromise its Backend Servers
  • Kaspersky ICS CERT Discovered Targeted Spear Phishing Campaigns Targeting Industrial Enterprises in Europe and Asia
  • Russian-Linked Sandworm Team APT Group Exploits Patched Vulnerability in Exim Mail Agent


Industries impacted: Government

As protests erupted across the US – with solidarity demonstrations occurring across Europe, Australia, and Latin America – in the wake of George Floyd’s killing by policemen in Minneapolis, Minnesota, sympathizers, potentially unrelated agitators, and opportunistic threat actors have exploited the extremely volatile situation to conduct cyberattacks and spread misinformation.


  • France Releases COVID-19 Tracing App StopCovid
  • Germany to Reportedly Impose Sanctions on Russia over 2015 Bundestag Cyberattack